[Enigmail] Proposed policy
Robert J. Hansen
rjh at sixdemonbag.org
Tue Dec 11 16:36:39 PST 2007
Please trim your reply.
LeRoy Cressy wrote:
> It is my opinion that the majority of users of enigmail have a fairly
> comprehensive knowledge of computer security.
This would be absurd, were it not for the fact this belief is so widely
held. At _Financial Cryptography_ two years ago only 39% of attendees
could tell you if their email client supported S/MIME and/or OpenPGP.
39%. And this is one of the highest-speed crypto conferences out there.
Then we also have people such as yourself, who believe they have a
comprehensive knowledge of computer security, who do not understand the
difference between designing systems that work correctly when people act
as they should, and systems that work correctly even in the face of attacks.
Most people have no effective understanding of computer security. Most
people with CS degrees do not have an effective understanding of
computer security--I'm unaware of any undergrad program that requires
courses in the subject, and most undergrads only study what their
courses require. Most people with advanced CS degrees do not have an
effective understanding of computer security.
I don't have an effective understanding of computer security. My talent
comes from (a) knowing where I'm ignorant and (b) knowing how to look up
the things I don't know. If you have a firm understanding of both, you
can get pretty far just on that.
More information about the Enigmail
mailing list